Verizon Customers’ Records Exposed in Security Snafu

This time, one that exposed account records for roughly 14 million Verizon customers to anyone online curious enough to find it.

Chris Vickery, director of cyber risk research at security firm UpGuard, who found the data, privately told Verizon of the exposure shortly after it was discovered in late June.

The report also says that customer phone numbers, names, and some PIN codes were made publicly available online.

“Companies like Verizon must put policies in place that require third-party vendors like Nice to adequately protect any customer data that touches the cloud”, he said.

“I’m going to be asking the Judiciary Committee to hold a hearing on this issue because Congress needs to find out the scale and scope of what happened and to make sure it doesn’t happen again”, he told ZDNet.

Read the full report at ZDNet.

When you set up an S3 account and “bucket” (the term AWS uses for file storage), AWS actually sets the default permissions for that file as private, which means whoever left the records exposed had to override that default setting.

In a statement, Verizon said the only individual to access the information other than Verizon or NICE Systems employees was the researcher from UpGuard. It said a “limited amount of personal information” had been left open to external access, as well as additional information that “had no external value”.

Nice said it too was investigating the exposure.

The S3 storage was operated by NICE Systems, which provides customer-tracking technology to help Verizon and scores of other large global enterprises to improve help desk and other service delivery. That’s not going to be very reassuring, though, as it’s not clear who (if anyone) downloaded the data while it was public.

The database also contained hundreds of additional fields of data points for each account, including the customer’s type of subscription plan, the balance on their account, and if the customer is a member of the federal government.
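Because S3 storage is private by default, exposure of this kind shows up as an explicit override in the bucket's ACL or policy. The sketch below is an added example, not code from the article, UpGuard, Verizon or NICE; it flags those overrides in constructed sample documents shaped like S3 GetBucketAcl and GetBucketPolicy responses, and the bucket name, owner ID and Sids are made up.

```python
import json

# Predefined S3 grantee groups that extend an ACL grant beyond the owning account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_grants(acl):
    """Return (audience, permission) for every ACL grant made to a public group."""
    return [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g["Permission"])
            for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def public_policy_statements(policy_json):
    """Return ids of Allow statements open to any principal with no Condition."""
    found = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            found.append(stmt.get("Sid", f"statement[{i}]"))
    return found

def audit(acl, policy_json=None):
    """List every setting that overrides the private default."""
    findings = [f"ACL grants {perm} to {who}" for who, perm in public_acl_grants(acl)]
    if policy_json:
        findings += [f"policy {sid} allows any principal"
                     for sid in public_policy_statements(policy_json)]
    return findings

# Constructed sample data (hypothetical bucket, owner ID and Sids).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
DEFAULT_ACL = {"Grants": [OWNER]}  # owner-only, as on a newly created bucket
OVERRIDDEN_ACL = {"Grants": [OWNER, {"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]})

if __name__ == "__main__":
    print(audit(DEFAULT_ACL))
    print(audit(OVERRIDDEN_ACL, POLICY))
```

Statements that carry a Condition are not reported here and still need manual review, since a condition can be broad enough to leave the data effectively public.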